03-12-2004 12:54 PM - edited 03-02-2019 02:15 PM
I have a mac controlled VACL configured on an active vlan interface, however the VACL will not go active until I add an IP access-list. I want to filter bridged traffic within the vlan, what is wrong ?
mac access-list extended mediaserver
permit any host 0002.554f.e693
permit any host 0009.6bce.417a
permit any host 0009.6bce.45d9
permit host 0009.6bce.45d9 any
permit host 0009.6bce.417a any
permit host 0002.554f.e693 any
!
!
vlan access-map backup 10
match mac address mediaserver
action forward
!
vlan filter backup vlan-list 220
interface Vlan220
ip address 10.105.220.1 255.255.252.0
03-12-2004 09:10 PM
Is this IP traffic? I don't think IP traffic is access controlled by mac VACLs.
~Zach
03-15-2004 07:05 AM
How do I control ip traffic being bridged through a 6509 to another switch ? I hoped VACL would give me the opportunity to limit traffic within a vlan.
Any suggestions would be very much appreciated.
03-15-2004 05:04 PM
I believe IP VACLs can block intra-VLAN (i.e., bridged) traffic.
03-16-2004 02:01 PM
that's correct. IP VACLs filter can intra-vlan IP traffic. IPX Vacls filter can filter intra-vlan IPX traffic. MAC VACLs filter any non-IP , non IPX vlan traffic.
Please read the "Configuring Access Control" Guide in the Catalyst 6500 Config Guide on Cisco.com for more details on how VACLs work.
URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_1/confg_gd/acc_list.htm#1020508
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: